
Something blocking antivirus from turning on



I am running MSE on my computer but something is blocking it from starting up. Here are the DDS logs. I am running Win 7 Ultimate 64 w/ 8 gigs of RAM. Ran Malwarebytes after updating it and it found nothing. I also did the scan in safe mode.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Mike at 11:17:47 on 2012-04-06

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8173.6707 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe

C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uURLSearchHooks: Splashtop Connect SearchHook: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll

mWinlogon: Userinit=userinit.exe,

BHO: Splashtop Connect VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

mRun: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"

mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TCP: DhcpNameServer = 209.55.5.10 209.55.5.11

TCP: Interfaces\{5DA2A0F4-C64E-423A-89C9-E73B4D65C74E} : DhcpNameServer = 209.55.5.10 209.55.5.11

BHO-X64: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

mRun-x64: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"

mRun-x64: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

mRun-x64: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\6g1z7odq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}\components\libstutils.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Joystick Plugin\npjoystick.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npjoystick.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108720

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 4c32d4d400000000000050e549c23022

FF - user.js: extensions.BabylonToolbar_i.hardId - 4c32d4d400000000000050e549c23022

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15403

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:21:00

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2012-2-19 68136]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-14 2348352]

R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]

R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]

R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-23 493384]

R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-19 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 253600]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-19 136176]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-2-19 30528]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]

S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-04 01:38:35 -------- d-----w- C:\WINSSLog

2012-04-04 01:05:34 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4C59FFDE-F0EA-4C8B-832E-D50758E43EE6}\mpengine.dll

2012-04-02 21:31:16 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-03-27 15:31:17 -------- d-----w- C:\Program Files\CCleaner

2012-03-19 02:38:17 -------- d-----w- C:\Program Files (x86)\Audacity

2012-03-18 17:19:49 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 17:19:49 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 21:43:39 -------- d-----w- C:\NVIDIA

2012-03-14 01:00:11 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 01:00:08 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 01:00:08 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 00:59:57 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 00:59:57 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 00:59:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 00:59:47 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 00:59:47 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-03-14 00:59:47 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 00:59:46 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 00:59:46 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-12 02:49:26 -------- d-----w- C:\Users\Mike\AppData\Local\Logitech

2012-03-10 02:50:22 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2012-03-10 02:50:22 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2012-03-10 02:49:23 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-03-10 02:49:22 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll

2012-03-10 02:49:06 -------- d-----w- C:\Windows\SysWow64\xlive

2012-03-10 02:49:02 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2012-03-09 06:13:57 -------- d-----w- C:\Users\Mike\AppData\Local\Microsoft Game Studios

2012-03-08 02:26:10 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-03-08 02:26:07 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games

2012-03-08 02:04:00 -------- d-----w- C:\Windows\PCHEALTH

2012-03-08 02:03:37 -------- d-----w- C:\Program Files (x86)\Microsoft Games

.

==================== Find3M ====================

.

2012-04-06 15:08:15 25640 ----a-w- C:\Windows\gdrv.sys

2012-04-02 21:31:16 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-14 16:53:05 30528 ----a-w- C:\Windows\GVTDrv64.sys

2012-03-04 06:11:33 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-03-04 06:11:33 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-03-04 06:11:33 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-03-04 06:11:33 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll

2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-02-29 18:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-02-25 02:08:55 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-02-25 02:08:55 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-02-19 21:42:33 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2012-02-19 21:42:32 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-02-19 21:42:32 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-17 12:46:01 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-01-17 12:45:56 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-01-17 12:45:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

.

============= FINISH: 11:18:33.28 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 2/19/2012 2:56:24 PM

System Uptime: 4/6/2012 10:07:52 AM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-990FXA-UD3

Processor: AMD FX-6100 Six-Core Processor | Socket M2 | 3300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 344.159 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: USB\VID_0733&PID_0401\6&3275DA6F&0&3

Manufacturer:

Name:

PNP Device ID: USB\VID_0733&PID_0401\6&3275DA6F&0&3

Service:

.

==== System Restore Points ===================

.

RP29: 3/22/2012 11:12:32 AM - Windows Update

RP30: 3/25/2012 8:32:04 PM - Windows Backup

RP31: 3/25/2012 8:52:59 PM - Windows Update

RP32: 3/29/2012 7:06:33 PM - Windows Update

RP33: 4/2/2012 4:37:16 PM - Windows Update

.

==== Installed Programs ======================

.

@BIOS

Adobe Reader 9.5.0

Ashampoo Burning Studio 6 FREE v.6.80

Audacity 2.0

AutoGreen B10.1021.1

CyberLink Media Suite 9

CyberLink MediaEspresso

CyberLink PowerDVD 9

Dolby Home Theater v4

Easy Tune 6 B11.0427.1

EasySaver B9.1214.1

Etron USB3.0 Host Controller

Flight Simulator X

Flight Simulator X Service Pack 1

Google Earth

Google Earth Plug-in

Google Update Helper

Guitar Pro 5.2

Joystick Plug-in

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Flight

Microsoft Flight Simulator X

Microsoft Flight Simulator X: Acceleration

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 11.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

ON_OFF Charge B11.0110.1

OpenAL

Realtek Ethernet Controller Driver

Realtek Ethernet Diagnostic Utility

Realtek High Definition Audio Driver

Revo Uninstaller 1.93

Splashtop Connect for Firefox

Splashtop Connect IE

WinZip 15.0

.

==== Event Viewer Messages From Past Week ========

.

4/3/2012 8:40:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

4/3/2012 8:39:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

4/3/2012 8:39:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

4/3/2012 8:33:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1029.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

4/3/2012 8:29:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1029.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

4/3/2012 8:27:36 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1029.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

4/3/2012 8:27:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1029.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

4/3/2012 8:26:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1029.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

4/3/2012 8:26:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

4/3/2012 8:10:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

4/3/2012 8:10:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/3/2012 8:10:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/3/2012 8:10:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/3/2012 8:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/3/2012 8:10:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger discache MpFilter spldr Wanarpv6

4/3/2012 7:53:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/2/2012 7:54:19 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.

4/2/2012 7:54:12 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.

4/2/2012 7:43:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/2/2012 5:46:12 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume5.

4/2/2012 4:50:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

4/2/2012 4:26:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

Thanks for any help


Logs will be closed if you haven't replied within 3 days

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


I downloaded ComboFix and ran it. It never gave any indication that anything needed to be installed. After the scan generated a log, I attempted to copy and paste the log, but I get an error message that both IE and Firefox cannot be started due to an illegal operation attempted on a registry key that has been marked for deletion. I tried to copy and paste the log onto a flash drive and got a similar message that the operation could not be completed. I was able to move the log to the flash drive using the drop down from the "file" button at the top of Notepad.

ComboFix 12-04-10.02 - Mike 04/10/2012 19:57:00.1.6 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8173.6559 [GMT -5:00]

Running from: c:\users\Mike\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.dat

c:\users\Mike\Documents\Gigabyte.2702_GM4_trial_VDE110309-01.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))

.

.

2012-04-11 01:01 . 2012-04-11 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-04 01:38 . 2012-04-04 01:39 -------- d-----w- C:\WINSSLog

2012-04-04 01:05 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C59FFDE-F0EA-4C8B-832E-D50758E43EE6}\mpengine.dll

2012-04-02 21:31 . 2012-04-02 21:31 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-03-27 15:31 . 2012-03-27 15:31 -------- d-----w- c:\program files\CCleaner

2012-03-19 02:38 . 2012-03-19 02:59 -------- d-----w- c:\users\Mike\AppData\Roaming\Audacity

2012-03-19 02:38 . 2012-03-19 02:38 -------- d-----w- c:\program files (x86)\Audacity

2012-03-18 17:19 . 2012-03-18 17:19 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 17:19 . 2012-03-18 17:19 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 21:47 . 2012-03-19 02:22 -------- d-----w- c:\users\UpdatusUser

2012-03-14 21:43 . 2012-03-14 21:46 -------- d-----w- C:\NVIDIA

2012-03-14 01:00 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 01:00 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 01:00 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 00:59 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 00:59 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 00:59 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 00:59 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll

2012-03-14 00:59 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 00:59 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 00:59 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 00:59 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-12 02:49 . 2012-03-12 02:49 -------- d-----w- c:\users\Mike\AppData\Local\Logitech

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-11 01:02 . 2012-02-19 22:24 25640 ----a-w- c:\windows\gdrv.sys

2012-04-02 21:31 . 2012-02-19 23:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-14 16:53 . 2012-02-19 22:24 30528 ----a-w- c:\windows\GVTDrv64.sys

2012-03-14 03:27 . 2012-02-21 01:25 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-10 02:55 . 2009-08-18 18:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2012-03-10 02:54 . 2009-08-18 17:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-03-04 06:11 . 2012-03-04 05:44 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-03-04 06:11 . 2012-03-04 05:44 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-03-04 06:11 . 2012-03-04 05:44 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-03-04 06:11 . 2012-03-04 05:44 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-03-01 00:02 . 2012-02-19 20:59 2660160 ----a-w- c:\windows\system32\nvapi64.dll

2012-03-01 00:02 . 2012-02-19 20:59 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-03-01 00:02 . 2011-05-21 12:01 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-02-29 21:00 . 2011-01-08 02:49 3089728 ----a-w- c:\windows\system32\nvsvc64.dll

2012-02-29 21:00 . 2011-01-08 02:50 6074176 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:59 . 2011-01-08 02:49 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 20:59 . 2011-01-08 02:49 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-29 20:59 . 2011-01-08 02:49 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-02-29 18:26 . 2012-02-29 18:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-02-25 03:03 . 2012-02-25 03:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-02-25 03:03 . 2012-02-25 03:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-02-25 03:03 . 2012-02-25 03:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-02-25 03:03 . 2012-02-25 03:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-02-25 03:03 . 2012-02-25 03:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-02-25 03:03 . 2012-02-25 03:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-02-25 03:03 . 2012-02-25 03:03 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-02-25 03:03 . 2012-02-25 03:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-02-25 03:03 . 2012-02-25 03:03 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-25 03:03 . 2012-02-25 03:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-02-25 03:03 . 2012-02-25 03:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-02-25 03:03 . 2012-02-25 03:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-02-25 03:03 . 2012-02-25 03:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-25 03:03 . 2012-02-25 03:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-25 03:03 . 2012-02-25 03:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-02-25 03:03 . 2012-02-25 03:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-02-25 03:03 . 2012-02-25 03:03 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-02-25 03:03 . 2012-02-25 03:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-02-25 03:03 . 2012-02-25 03:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-02-25 03:03 . 2012-02-25 03:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-02-25 03:03 . 2012-02-25 03:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-25 03:03 . 2012-02-25 03:03 2308096 ----a-w- c:\windows\system32\jscript9.dll

2012-02-25 03:03 . 2012-02-25 03:03 222208 ----a-w- c:\windows\system32\msls31.dll

2012-02-25 03:03 . 2012-02-25 03:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-25 03:03 . 2012-02-25 03:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-02-25 03:03 . 2012-02-25 03:03 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-25 03:03 . 2012-02-25 03:03 12288 ----a-w- c:\windows\system32\mshta.exe

2012-02-25 03:03 . 2012-02-25 03:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-02-25 03:03 . 2012-02-25 03:03 114176 ----a-w- c:\windows\system32\admparse.dll

2012-02-25 03:03 . 2012-02-25 03:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-02-25 03:03 . 2012-02-25 03:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-02-25 03:03 . 2012-02-25 03:03 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-02-25 03:03 . 2012-02-25 03:03 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-02-25 03:03 . 2012-02-25 03:03 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-02-25 03:03 . 2012-02-25 03:03 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-02-25 03:03 . 2012-02-25 03:03 448512 ----a-w- c:\windows\system32\html.iec

2012-02-25 03:03 . 2012-02-25 03:03 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-25 03:03 . 2012-02-25 03:03 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-02-25 03:03 . 2012-02-25 03:03 160256 ----a-w- c:\windows\system32\wextract.exe

2012-02-25 03:03 . 2012-02-25 03:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-25 03:03 . 2012-02-25 03:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-25 03:03 . 2012-02-25 03:03 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-25 02:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-02-25 02:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-02-19 21:42 . 2012-02-19 21:42 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-02-19 21:42 . 2012-02-19 21:42 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-02-19 21:42 . 2012-02-19 21:42 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-02-09 19:17 . 2012-02-19 22:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8742C83-2315-4AFF-941E-2B0DED58F179}\gapaengine.dll

2012-01-31 12:44 . 2012-02-19 21:57 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-17 10:39 . 2012-02-19 21:57 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{288AF617-BFA9-4BAB-9A90-7B6A5F6136AE}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-03-04 165776]

.

[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 776064]

"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]

"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 odxxrvxo;odxxrvxo;c:\windows\system32\drivers\odxxrvxo.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 136176]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-03-14 30528]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]

S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:31]

.

2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 02:40]

.

2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 02:40]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]

"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-09 2275944]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 209.55.5.10 209.55.5.11

FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\6g1z7odq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108720

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 4c32d4d400000000000050e549c23022

FF - user.js: extensions.BabylonToolbar_i.hardId - 4c32d4d400000000000050e549c23022

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15403

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:21

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-MsMpSvc

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

.

**************************************************************************

.

Completion time: 2012-04-10 20:06:25 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-11 01:06

.

Pre-Run: 369,336,549,376 bytes free

Post-Run: 369,178,497,024 bytes free

.

- - End Of File - - 12044230D6D043307A585FC54D05D0DC

Hopefully it helps. I had to get on a spare computer to post this.


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\system32\drivers\odxxrvxo.sys

FireFox::
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\6g1z7odq.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108720
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 4c32d4d400000000000050e549c23022
FF - user.js: extensions.BabylonToolbar_i.hardId - 4c32d4d400000000000050e549c23022
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15403
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:21
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Driver::
odxxrvxo

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


ComboFix 12-04-10.02 - Mike 04/11/2012 11:02:59.2.6 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8173.6770 [GMT -5:00]

Running from: c:\users\Mike\Desktop\ComboFix.exe

Command switches used :: c:\users\Mike\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\drivers\odxxrvxo.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_odxxrvxo

.

.

((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))

.

.

2012-04-11 16:07 . 2012-04-11 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-11 01:34 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 01:34 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 01:34 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-11 01:34 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 01:34 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 01:34 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-11 01:34 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-04 01:38 . 2012-04-04 01:39 -------- d-----w- C:\WINSSLog

2012-04-04 01:05 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C59FFDE-F0EA-4C8B-832E-D50758E43EE6}\mpengine.dll

2012-04-02 21:31 . 2012-04-02 21:31 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-03-27 15:31 . 2012-03-27 15:31 -------- d-----w- c:\program files\CCleaner

2012-03-19 02:38 . 2012-03-19 02:59 -------- d-----w- c:\users\Mike\AppData\Roaming\Audacity

2012-03-19 02:38 . 2012-03-19 02:38 -------- d-----w- c:\program files (x86)\Audacity

2012-03-18 17:19 . 2012-03-18 17:19 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 17:19 . 2012-03-18 17:19 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 21:47 . 2012-03-19 02:22 -------- d-----w- c:\users\UpdatusUser

2012-03-14 21:43 . 2012-03-14 21:46 -------- d-----w- C:\NVIDIA

2012-03-14 01:00 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 01:00 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 01:00 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 00:59 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 00:59 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 00:59 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 00:59 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll

2012-03-14 00:59 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 00:59 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 00:59 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 00:59 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-11 16:08 . 2012-02-19 22:24 25640 ----a-w- c:\windows\gdrv.sys

2012-04-02 21:31 . 2012-02-19 23:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-14 16:53 . 2012-02-19 22:24 30528 ----a-w- c:\windows\GVTDrv64.sys

2012-03-14 03:27 . 2012-02-21 01:25 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-10 02:55 . 2009-08-18 18:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2012-03-10 02:54 . 2009-08-18 17:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-03-04 06:11 . 2012-03-04 05:44 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-03-04 06:11 . 2012-03-04 05:44 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-03-04 06:11 . 2012-03-04 05:44 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-03-04 06:11 . 2012-03-04 05:44 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-03-01 00:02 . 2012-02-19 20:59 2660160 ----a-w- c:\windows\system32\nvapi64.dll

2012-03-01 00:02 . 2012-02-19 20:59 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-03-01 00:02 . 2011-05-21 12:01 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-02-29 21:00 . 2011-01-08 02:49 3089728 ----a-w- c:\windows\system32\nvsvc64.dll

2012-02-29 21:00 . 2011-01-08 02:50 6074176 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:59 . 2011-01-08 02:49 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 20:59 . 2011-01-08 02:49 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-29 20:59 . 2011-01-08 02:49 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-02-29 18:26 . 2012-02-29 18:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-02-25 03:03 . 2012-02-25 03:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-02-25 03:03 . 2012-02-25 03:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-02-25 03:03 . 2012-02-25 03:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-02-25 03:03 . 2012-02-25 03:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-02-25 03:03 . 2012-02-25 03:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-02-25 03:03 . 2012-02-25 03:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-02-25 03:03 . 2012-02-25 03:03 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-02-25 03:03 . 2012-02-25 03:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-02-25 03:03 . 2012-02-25 03:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-02-25 03:03 . 2012-02-25 03:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-02-25 03:03 . 2012-02-25 03:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-02-25 03:03 . 2012-02-25 03:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-02-25 03:03 . 2012-02-25 03:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-02-25 03:03 . 2012-02-25 03:03 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-02-25 03:03 . 2012-02-25 03:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-02-25 03:03 . 2012-02-25 03:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-02-25 03:03 . 2012-02-25 03:03 222208 ----a-w- c:\windows\system32\msls31.dll

2012-02-25 03:03 . 2012-02-25 03:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-25 03:03 . 2012-02-25 03:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-02-25 03:03 . 2012-02-25 03:03 12288 ----a-w- c:\windows\system32\mshta.exe

2012-02-25 03:03 . 2012-02-25 03:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-02-25 03:03 . 2012-02-25 03:03 114176 ----a-w- c:\windows\system32\admparse.dll

2012-02-25 03:03 . 2012-02-25 03:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-02-25 03:03 . 2012-02-25 03:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-02-25 03:03 . 2012-02-25 03:03 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-02-25 03:03 . 2012-02-25 03:03 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-02-25 03:03 . 2012-02-25 03:03 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-02-25 03:03 . 2012-02-25 03:03 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-02-25 03:03 . 2012-02-25 03:03 448512 ----a-w- c:\windows\system32\html.iec

2012-02-25 03:03 . 2012-02-25 03:03 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-25 03:03 . 2012-02-25 03:03 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-02-25 03:03 . 2012-02-25 03:03 160256 ----a-w- c:\windows\system32\wextract.exe

2012-02-25 03:03 . 2012-02-25 03:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-25 03:03 . 2012-02-25 03:03 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-25 02:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-02-25 02:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-02-19 21:42 . 2012-02-19 21:42 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-02-19 21:42 . 2012-02-19 21:42 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-02-19 21:42 . 2012-02-19 21:42 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-02-09 19:17 . 2012-02-19 22:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8742C83-2315-4AFF-941E-2B0DED58F179}\gapaengine.dll

2012-01-31 12:44 . 2012-02-19 21:57 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-17 10:39 . 2012-02-19 21:57 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{288AF617-BFA9-4BAB-9A90-7B6A5F6136AE}\mpengine.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-11_01.02.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-11 01:35 . 2012-02-28 01:03 72704 c:\windows\SysWOW64\mshtmled.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 72704 c:\windows\SysWOW64\mshtmled.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll

+ 2012-04-11 01:35 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 65024 c:\windows\SysWOW64\jsproxy.dll

+ 2012-04-11 01:35 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll

+ 2012-02-19 21:29 . 2012-04-11 15:45 26784 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-11 15:45 29034 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2012-02-25 03:03 . 2012-02-25 03:03 96256 c:\windows\system32\mshtmled.dll

+ 2012-04-11 01:35 . 2012-02-28 06:43 96256 c:\windows\system32\mshtmled.dll

+ 2012-04-11 01:35 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 86528 c:\windows\system32\migration\WininetPlugin.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 85504 c:\windows\system32\jsproxy.dll

+ 2012-04-11 01:35 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll

+ 2009-07-14 04:46 . 2012-04-11 15:51 87424 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-02-19 21:16 . 2012-04-11 15:45 6332 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2045342659-1971738738-827442351-1000_UserData.bin

- 2012-04-11 01:02 . 2012-04-11 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-11 16:08 . 2012-04-11 16:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-11 01:02 . 2012-04-11 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-04-11 16:08 . 2012-04-11 16:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-04-11 01:35 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 231936 c:\windows\SysWOW64\url.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 716800 c:\windows\SysWOW64\jscript.dll

+ 2012-04-11 01:35 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll

+ 2012-04-11 01:35 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 176640 c:\windows\SysWOW64\ieui.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 237056 c:\windows\system32\url.dll

+ 2012-04-11 01:35 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll

- 2009-07-14 02:36 . 2012-04-11 00:22 617222 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-11 15:49 617222 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-04-11 00:22 104496 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-04-11 15:49 104496 c:\windows\system32\perfc009.dat

+ 2012-04-11 01:35 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 818688 c:\windows\system32\jscript.dll

+ 2012-04-11 01:35 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 248320 c:\windows\system32\ieui.dll

+ 2012-02-22 02:25 . 2012-04-11 03:19 553856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2012-02-22 02:25 . 2012-03-11 03:02 553856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2012-04-11 01:01 237160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-04-11 16:07 237160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-04-10 23:46 . 2012-01-26 23:31 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll

+ 2012-04-10 23:46 . 2012-01-26 23:33 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

+ 2012-04-11 03:06 . 2012-04-11 03:06 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\2ea95f3113ace6c1adf4ab9f9fc4285e\System.ServiceProcess.ni.dll

+ 2012-04-11 03:06 . 2012-04-11 03:06 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a94125636875d06389922fcd86b7a615\System.Drawing.Design.ni.dll

+ 2012-04-11 03:07 . 2012-04-11 03:07 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll

+ 2012-04-11 03:07 . 2012-04-11 03:07 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b64b898fd099d1644a8673137ac56011\System.Drawing.Design.ni.dll

+ 2012-04-10 23:46 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 1127424 c:\windows\SysWOW64\wininet.dll

+ 2012-04-11 01:35 . 2012-02-28 01:11 1127424 c:\windows\SysWOW64\wininet.dll

+ 2012-04-11 01:35 . 2012-02-28 01:12 1103360 c:\windows\SysWOW64\urlmon.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 1103360 c:\windows\SysWOW64\urlmon.dll

+ 2012-04-11 01:35 . 2012-02-28 01:18 1799168 c:\windows\SysWOW64\jscript9.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 1792000 c:\windows\SysWOW64\iertutil.dll

+ 2012-04-11 01:35 . 2012-02-28 01:04 1792000 c:\windows\SysWOW64\iertutil.dll

+ 2012-04-11 01:35 . 2012-02-28 01:27 9705984 c:\windows\SysWOW64\ieframe.dll

+ 2012-04-11 01:35 . 2012-02-28 06:49 1390080 c:\windows\system32\wininet.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 1390080 c:\windows\system32\wininet.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 1345536 c:\windows\system32\urlmon.dll

+ 2012-04-11 01:35 . 2012-02-28 06:50 1345536 c:\windows\system32\urlmon.dll

+ 2012-04-11 01:35 . 2012-02-28 06:56 2311168 c:\windows\system32\jscript9.dll

- 2012-02-25 03:03 . 2012-02-25 03:03 2144256 c:\windows\system32\iertutil.dll

+ 2012-04-11 01:35 . 2012-02-28 06:43 2144256 c:\windows\system32\iertutil.dll

+ 2009-07-14 04:45 . 2012-04-11 03:06 6019631 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2012-03-14 01:18 6019631 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2012-02-20 02:56 . 2012-04-11 01:01 7294260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2045342659-1971738738-827442351-1000-8192.dat

+ 2012-02-20 02:56 . 2012-04-11 16:07 7294260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2045342659-1971738738-827442351-1000-8192.dat

+ 2012-04-11 03:06 . 2012-04-11 03:06 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\d26e6d07c2e10bc55c2bfd2440ec14bc\System.Workflow.ComponentModel.ni.dll

+ 2012-04-11 03:06 . 2012-04-11 03:06 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\f044eaa5dc79454c4081bdbea81bf67e\System.Workflow.Activities.ni.dll

+ 2012-04-11 03:06 . 2012-04-11 03:06 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\7e62d5f06809c96b0e957cc948d98d7c\System.Printing.ni.dll

+ 2012-04-11 03:05 . 2012-04-11 03:05 2317312 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\95d41ace5d8803b9318366ad5f0fbdff\System.Drawing.ni.dll

+ 2012-04-11 03:05 . 2012-04-11 03:05 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\7e705656ef1ee9078e0d51699d9e0858\System.Deployment.ni.dll

+ 2012-04-11 03:06 . 2012-04-11 03:06 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\df3b4d20eaf81da80db9be811947e475\ReachFramework.ni.dll

+ 2012-04-11 03:06 . 2012-04-11 03:06 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\8e76dcfa3f4676022f95437037c8ad51\PresentationUI.ni.dll

+ 2012-04-11 03:08 . 2012-04-11 03:08 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6d2f8bad410dae6049507d7bc097a62d\System.Workflow.ComponentModel.ni.dll

+ 2012-04-11 03:07 . 2012-04-11 03:07 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\31fd6842b7ccb502dc2f5f11c1f991bd\System.Workflow.Activities.ni.dll

+ 2012-04-11 03:07 . 2012-04-11 03:07 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0b27d6da6e6bc319c3805435b818c1e5\System.Printing.ni.dll

+ 2012-04-11 03:07 . 2012-04-11 03:07 1590784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll

+ 2012-04-11 03:07 . 2012-04-11 03:07 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e45611cad86870a7011bb18b9e993861\System.Deployment.ni.dll

+ 2012-04-11 03:07 . 2012-04-11 03:07 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\ffe872f5d03f8bf4d1e1aca71274aec4\ReachFramework.ni.dll

+ 2012-04-11 03:07 . 2012-04-11 03:07 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\167ae650f54f5cd46c07329972f179ad\PresentationUI.ni.dll

+ 2012-04-11 01:35 . 2012-02-28 01:52 12281856 c:\windows\SysWOW64\mshtml.dll

+ 2009-07-14 02:34 . 2012-04-11 03:02 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2012-04-11 01:35 . 2012-02-28 07:34 17790976 c:\windows\system32\mshtml.dll

+ 2012-02-25 01:56 . 2012-04-11 01:34 57249312 c:\windows\system32\MRT.exe

+ 2012-04-11 01:35 . 2012-02-28 07:02 10888704 c:\windows\system32\ieframe.dll

+ 2012-04-11 03:05 . 2012-04-11 03:05 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\3466442b4168ba11787961fcfd410adf\System.Windows.Forms.ni.dll

+ 2012-04-11 03:06 . 2012-04-11 03:06 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\79c8a2e836c01784bb8e3e2d0ed26850\System.Web.ni.dll

+ 2012-04-11 03:06 . 2012-04-11 03:06 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\552733f73f5483946cce9229b27bdcb2\System.Design.ni.dll

+ 2012-04-11 03:06 . 2012-04-11 03:06 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\b87e4cff3eb13680c55a5f4ee9786b56\PresentationFramework.ni.dll

+ 2012-04-11 03:05 . 2012-04-11 03:05 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\1233412b58120995b639428b5e6d998e\PresentationCore.ni.dll

+ 2012-04-11 03:07 . 2012-04-11 03:07 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll

+ 2012-04-11 03:07 . 2012-04-11 03:07 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll

+ 2012-04-11 03:07 . 2012-04-11 03:07 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\846a51eb446bee41a26a6914a95e38cd\System.Design.ni.dll

+ 2012-04-11 03:07 . 2012-04-11 03:07 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll

+ 2012-04-11 03:07 . 2012-04-11 03:07 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-03-04 165776]

.

[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 776064]

"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]

"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 136176]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-03-14 30528]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]

S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:31]

.

2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 02:40]

.

2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 02:40]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]

"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-09 2275944]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"combofix"="c:\combofix\CF4964.3XE" [2010-11-20 345088]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 209.55.5.10 209.55.5.11

FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\6g1z7odq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

**************************************************************************

.

Completion time: 2012-04-11 11:12:21 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-11 16:12

ComboFix2.txt 2012-04-11 01:06

.

Pre-Run: 368,726,806,528 bytes free

Post-Run: 368,264,806,400 bytes free

.

- - End Of File - - A212F53F455F544665FB1BE1F2E345D5

The affected computer seemed to be acting normally as ComboFix ran. When the scan was completed the computer restarted and generated the log for me to copy and paste. I was unable to open either browser to post the results because of the same reasons in the previous answer. I am again posting this via flash drive on a different computer and have rebooted the affected one in an effort to get it online again.


Go to Start->Run->Type CMD and click OK. The MS-DOS window will be displayed. At the command prompt, type the following and press Enter after each line:

IPCONFIG /release

IPCONFIG /flushdns

IPCONFIG /renew

IPCONFIG /registerdns

netsh winsock reset

netsh int ip reset

regsvr32 netshell.dll

regsvr32 netcfgx.dll

regsvr32 netman.dll

Exit

Reboot and let me know if the internet is working now.


If that's the only issue, uninstall / reinstall it.

I want you to uninstall ComboFix first.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7:

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
